GitHub - expose Dependabot alerts in the workbench #178991

Open
lszomoru opened this issue Apr 3, 2023 · 0 comments
Labels: feature-request (Request for new features or functionality), github (Github extension)
lszomoru (Member) commented Apr 3, 2023

I have looked at the Dependabot REST/GraphQL APIs and from the looks of it, the Dependabot contains information about a vulnerable package and the manifest file in which the package is listed, but it does not contain information about the location where the package is listed. This means that we cannot reliably create diagnostic information to display in the workbench. Our hypothesis has been confirmed when testing the GitHub Advanced Security extension that provides similar functionality. The extension displays diagnostic information based on a text search in the file rather than explicit locations.

I think that this effort should be on hold until GitHub provides a better API. //cc @joaomoreno

@lszomoru lszomoru added the github Github extension label Apr 3, 2023
@lszomoru lszomoru added this to the April 2023 milestone Apr 3, 2023
@lszomoru lszomoru self-assigned this Apr 3, 2023
@lszomoru lszomoru modified the milestones: April 2023, May 2023 Apr 26, 2023
@lszomoru lszomoru modified the milestones: May 2023, Backlog May 15, 2023
@lszomoru lszomoru modified the milestones: Backlog, June 2023 Jun 15, 2023
@lszomoru lszomoru added the feature-request Request for new features or functionality label Jun 15, 2023
@lszomoru lszomoru modified the milestones: June 2023, Backlog Jun 26, 2023
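
The text-search fallback described in the comment above, sketched as an added example that is not part of the original issue or of either extension's code. The alert subset uses the `dependency.package.name` and `dependency.manifest_path` fields of the Dependabot alerts REST response; the helper names and the manifest contents are constructed assumptions.

```typescript
// Subset of a Dependabot alert: it names the package and the manifest file,
// but carries no line/column for where the package is declared.
interface AlertSubset {
  dependency: { package: { ecosystem: string; name: string }; manifest_path: string };
}
interface Candidate { line: number; startColumn: number; endColumn: number }

// Hypothetical helper: every place the package name appears as a JSON key.
function locateByTextSearch(alert: AlertSubset, manifestText: string): Candidate[] {
  const needle = `"${alert.dependency.package.name}"`;
  const found: Candidate[] = [];
  manifestText.split(/\r?\n/).forEach((text, line) => {
    let from = 0;
    for (;;) {
      const idx = text.indexOf(needle, from);
      if (idx < 0) break;
      // Count it only when used as a key: optional whitespace, then a colon.
      if (/^\s*:/.test(text.slice(idx + needle.length))) {
        found.push({ line, startColumn: idx + 1, endColumn: idx + needle.length - 1 });
      }
      from = idx + needle.length;
    }
  });
  return found;
}

// Hypothetical policy: only emit a diagnostic range when the match is unique;
// otherwise the search cannot tell which declaration the alert refers to.
function pickDiagnosticRange(alert: AlertSubset, manifestText: string): Candidate | undefined {
  const candidates = locateByTextSearch(alert, manifestText);
  return candidates.length === 1 ? candidates[0] : undefined;
}

// Constructed sample data, not taken from any real repository.
const sampleAlert: AlertSubset = {
  dependency: { package: { ecosystem: "npm", name: "lodash" }, manifest_path: "package.json" },
};
const singleManifest = [
  "{",
  '  "name": "demo",',
  '  "dependencies": {',
  '    "lodash": "4.17.20"',
  "  }",
  "}",
].join("\n");
const ambiguousManifest = [
  "{",
  '  "dependencies": { "lodash": "4.17.20" },',
  '  "overrides": { "lodash": "4.17.21" }',
  "}",
].join("\n");
```

With `ambiguousManifest` the search returns two candidates and `pickDiagnosticRange` returns `undefined`, which is the unreliability the comment describes.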